`Botnets’ threaten online shopper security

December 29, 2019

first_imgLaunched Jan. 19, it infected 1million to 3million computers at its peak, and appears to be based in Eastern Europe, with probable ties to people in the United States, Runald said. George Halo doesn’t need any warning about online safety issues. He avoids sharing personal information over the Internet and doesn’t shop online. “I just don’t trust it yet,” said Halo, 26, of Northridge, while spending his cash recently at the Westfield Topanga mall. “Plus, I don’t want to give my credit card information out.” His fears aren’t unfounded. The FBI announced Wednesday that it is looking for four men involved in a “phishing scheme” that resulted in the loss of $400,000 from various brokerage accounts. In such scams, cyber criminals pose as a company, often a financial institution, and create legitimate-looking but fraudulent e-mails and Web pages to get people to type in their user names and passwords. Then there’s the recent announcement that John Schiefer, 26, of Los Angeles, a well-known figure in the botnet underground, is expected to plead guilty to four felony counts related to cyber crimes using botnets. “He’s the biggest fear,” said Mark C. Krause, a Los Angeles-based assistant U.S. attorney in the cyber crime and intellectual property section. Schiefer, a computer security consultant hired to make sure company networks were safe, is accused of using hundreds of thousands of computers to engage in various botnet schemes including wiretapping, identity theft and defrauding banks. In one of the most serious breaches, officials said, Schiefer was able to create a malicious code that accessed user names and passwords stored in Microsoft’s Pstore, an encrypted, secured storage area that protects, among other things, user names and passwords for online accounts. Schiefer and his cohorts used the information to access accounts to PayPal and other online services to make purchases or transfer funds out of people’s bank accounts, Krause said. “He’s getting access to some of the stuff that you think is the most protected,” he said. The first person ever charged under the federal wiretap statute for conduct related to botnets, Krause said, Schiefer was also accused of illegally installing adware on about 150,000 computers. He accepted payment from a Dutch advertiser who hired him as a consultant to install adware on computers with owners’ consent – which he never had. “In this case, a variety of things he did were certainly things that we had been fearing a long time,” Krause said. Schiefer could spend 60 years in federal prison and face a $1.75million fine. His case came to light during the FBI’s Operation Bot Roast II investigation, which so far has resulted in indictments, guilty pleas or sentencing of eight people, FBI officials said. Bryan Duchene, an FBI supervisory special agent, said the latest cases highlight the need for people to use firewalls, anti-virus software that is up to date, strong passwords and other basic safeguards to protect themselves from cyber thieves. Not doing so is “like going on vacation and leaving your door unlocked,” Duchene said. “Your door is shut but anybody can still walk in.” People also have to use extreme caution when opening e-mails, even those that might look like they came from their bank, Duchene said. “Fraudsters will have pages identical to what your bank looks like,” he said. “No major bank is going to say: We’ve lost your password or we’re resetting it, please send us a new one. That just doesn’t happen.” Linda Little, 59, of Woodland Hills said she’s a thorough shopper who uses the Internet to read consumer reports and compare prices. She applies that same diligence to making sure her computers are protected. “My PCs all have the latest software,” she said. “I check my firewall. I check my updates.” rick.coca@dailynews.com 818-713-3329160Want local news?Sign up for the Localist and stay informed Something went wrong. Please try again.subscribeCongratulations! You’re all set! By now, shoppers surely know about the risks of typing in their personal information when they buy anything online. But with an estimated 105million Americans shopping via computer this holiday season, the FBI and other experts now are warning consumers about “botnets” – an army of zombie computers used to commit identity theft, spamming, bank fraud and other cyber crimes. The news comes as malicious software attacks, commonly called malware, have jumped dramatically this year, with 250,000 identified so far – the entire total for the previous two decades combined, according to a recent report released by F-Secure, an online-security company. And it comes as about 60percent of Americans plan to do less online shopping this holiday season than last year because they don’t feel as secure, according to a Harris Interactive survey conducted for Microsoft. AD Quality Auto 360p 720p 1080p Top articles1/5READ MOREWhicker: Clemson demonstrates that it’s tough to knock out the champPatrik Runald, a security response manager with F-Secure, said that with 700 new malware identified each day, there’s reason for concern. “We basically had 20 years of malware in one year,” Runald said. “They’re not all botnets, obviously, but a lot are.” Online criminals worldwide create botnet armies by surreptitiously installing malware on personal computers through e-mail attachments, images, links or what the Federal Trade Commission calls “drive-by-downloads,” which can include malicious software installed while you’re on the Web. Victims often have no clue their computers have been infected and are being used to commit crimes – sometimes against the user, sometimes against others. The “Storm” botnet, which got its name by initially sending out e-mails based on real news events in its subject box – “230 dead as storm batters Europe,” for example – has been very successful, Runald said, calling it “probably the biggest and most brilliant botnet ever.” last_img

Leave a Reply

Your email address will not be published. Required fields are marked *